INFORMATION VENDING APPARATUS, INFORMATION VENDING METHOD, 

AND PROGRAM STORAGE MEDIUM 

BACKGROUND OF THE INVENTION 

The present invention relates generally to an 
information vending apparatus and an information vending 
method and a program storage medium and, more 
particularly, to an information vending apparatus, an 
information vending method, and a program storage medium 
for selling information such as music data for example. 

Now, referring to FIG. 1, there is shown a 
schematic diagram illustrating the configuration of a 
prior-art digital information vending system. In the 
figure, a digital information vending apparatus 1, 
installed at the storefront (of such as a convenience 
store) , receives digital information from a server unit 2 
via a transmission path 3 and stored the received digital 
information in itself. When selling the digital 
information stored inside, the digital information 
vending apparatus 1 records the digital information onto 
a recording medium 4 which is loaded in the digital 
information vending apparatus 1 by a purchaser. 

The digital information vending apparatus 1 
comprises a management capability 11, a digital 
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information accumulation capability 12, and a digital 
information vending capability 13. The management 
capability 11 has a digital information management 
capability 21 that controls the digital information 
accumulation capability 12 and the digital information 
vending capability 13. 

The digital information accumulation capability 12 
comprises a reception capability 22, a decryption 
capability 23, and a record holding capability 24. The 
reception capability 22 receives the encrypted digital 
information from the server unit 2 via the transmission 
path 3 and supplies the received digital information to 
the encryption capability 23. 

The decryption capability 23 stores a cryptographic 
key in advance and decrypts the encrypted digital 
information supplied from the reception capability 22. 
The record holding capability 24 record the decrypted 
digital information supplied from the decryption 
capability 23 as arranged in digital information 6-1 
through digital information 6-4. 

The digital information vending capability 13 
comprises an accounting capability 25, a reading 
capability 26, and a writing capability 27. 

The accounting capability 25 collects money from 
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the purchaser of any of the digital information 6-1 
through 6-4 stored in the digital information 
accumulation capability 12. The accounting capability 25 
further comprises a charge computation capability 31, a 
details print capability 32, and a charge collection 
capability 33 . 

The charge computation capability 31 computes the 
price of the digital information 6-1 through 6-4 sold. 
The details print capability 32 prints, on a receipt, 
such information about sold digital information 6-1 to 6- 
4 as its sale price for example. 

The charge collection capability 33 collects the 
charge for the sold digital information 6-1 to 6-4 from 
the money thrown in by the purchaser. 

The reading capability 26 reads the sold digital 
information 6-1 to 6-4 from the digital information 
accumulation capability 12 when the payment has been made 
by the purchaser and supplies the retrieved digital 
information 6-1 to 6-4 to the writing capability 27. 

The writing capability 27 writes the sold digital 
information 6-1 to 6-4 supplied from the reading 
capability 26 onto the loaded recording medium 4, 

In what follows, the digital information 6-1 
through 6-4 are generically referred to as digital 
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information 6 for simplify unless otherwise specified. 

The server unit 2 selects, at a predetermined time 
(for example, twelve midnight every day) recorded digital 
information 5-1 to 5-(n+l) to be transmitted to the 
digital information vending apparatus 1 and sends the 
selected digital information 5-1 to 5-(n+l) to the 
digital information vending apparatus 1 via the 
transmission path 3, 

The server unit 2 has a management capability 51, a 
digital information concentrated accumulation capability 
52, and a digital information distribution server 
capability 53. The management capability 51 has a digital 
information management capability 71 to control the 
digital information concentrated accumulation capability 
52 and the digital information distribution server 
capability 53. 

The digital information concentrated accumulation 
capability 52 accumulates the digital information 5-1 
through 5- (n+1) which are transmitted to the digital 
information vending apparatus 1. 

The digital information distribution server 
capability 53 reads digital information 5-1 to 5- (n+1) 
from the digital information concentrated accumulation 
capability 52, encrypts the retrieved digital information, 
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and sends it to the digital information vending apparatus 
1 via the transmission path 3. The digital information 
distribution server capability 53 has a reading 
capability 72, an encryption capability 73, and a 
transmission capability 74. 

The reading capability 72 reads the digital 
information 5-1 to 5-{n+l) from the digital information 
concentrated accumulation capability 52 and supplies the 
retrieved digital information to the encryption 
capability 73. The encryption capability 73 encrypts 
digital information 5-1 to 5-(n+l) supplied from the 
reading capability 72 by an encryption algorithm such as 
DES (Data Encryption Standard) and supplies the encrypted 
digital information to the transmission capability 74. 
The transmission capability 74 sends the encrypted 
digital information 5-1 to 5-(n+l) to the digital 
information vending apparatus 1 via the transmission path 
3 . 

In what follows, the digital information 5-1 
through 5-(n+l) is generically referred to as digital 
information 5 unless otherwise specified. 

A problem in the above-mentioned prior-art 
technology is that the recording medium 4 has no 
capability of preventing such non- compliant uses of the 
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digital information 6 as its unauthorized duplication and 
reproduction and the usage conditions of the digital 
information 6 are not recorded on the recording medium 4, 
making it impossible to prevent the non- compliant use 
from taking place. 

SUMMARY OF THE INVENTION 

It is therefore an object of the present invention 
to prevent non - compliant use of sold digital information. 

To achieve the above object, according to a first 
aspect of the present invention, there is provided an 
information vending apparatus including: accumulation 
means for accumulating information for sale; usage 
condition generating means for generating usage 
conditions for the information for sale; encryption means 
for encrypting the information for sale; encryption key 
generating means for generating a cryptographic key which 
decrypts the information for sale which is encrypted; 
authentication means for authenticating a recording 
medium directly or indirectly loaded on the information 
vending apparatus in one of direct and indirect manners; 
and writing means for writing the encrypted information 
for sale to the recording medium authenticated by the 
authentication means along with the usage conditions and 
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the cryptographic key. 

According to a second aspect of the present 
invention, there is provided an information vending 
method including the steps of: accumulating information 
for sale; generating usage conditions for the information 
for sale; encrypting the information for sale; generating 
a cryptographic key which decrypts the information for 
sale which is encrypted; authenticating a recording 
medium loaded on the information vending apparatus in one 
of direct and indirect manners; and writing the encrypted 
information for sale to the recording medium 
authenticated in the authentication step along with the 
usage conditions and the cryptographic key. 

According to a third aspect of the prevent 
invention, there is provided a program storage medium 
storing a computer- readable program including the steps 
of: accumulating information for sale; generating usage 
conditions for the information for sale; encrypting the 
information for sale; generating a cryptographic key 
which decrypts the information for sale which is 
encrypted; authenticating a recording medium loaded on 
the information vending apparatus in one of direct and 
indirect manners; and writing the encrypted information 
for sale to the recording medium authenticated in the 
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authentication step along with the usage conditions and 
the cryptographic key. 

According to the first, second, and third aspects 
of the present invention, the information for sale is 
accumulated, the usage conditions thereof are generated, 
the information for sale is encrypted, a cryptographic 
key for decrypting the encrypted information for sale is 
generated, a recording medium loaded in the information 
vending apparatus is authenticated, and the encrypted 
information is written to the authenticated recording 
medium along with the usage conditions and the 
cryptographic key, whereby, non- compliant use of sold 
digital information can be prevented. 

BRIEF DESCRIPTION OF THE DRAWINGS 

These and other objects of the invention will be 
seen by reference to the description, taken in connection 
with the accompanying drawings, in which: 

FIG. 1 is a schematic diagram illustrating the 
configuration of a prior-art digital information vending 
system; 

FIG. 2 is a schematic diagram illustrating a 
digital information vending apparatus practiced as one 
embodiment of the invention; 
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FIG. 3 is a block diagram illustrating an exemplary 
configuration of the digital information vending 
apparatus 101 ; 

FIG. 4 is a schematic diagram illustrating an 
exemplary configuration of the digital information 
vending system practiced as one embodiment of the 
invention; 

FIG. 5 is a diagram illustrating digital 
information 6 added with its usage conditions and a 
digital information key; 

FIG. 6 is a flowchart describing a process of 
selling digital information 6 of the digital information 
vending apparatus 101; and 

FIG. 7 is a schematic diagram illustrating a 
process of cross authentication between authentication 
capability 214 of the digital information vending 
apparatus 101 and recording medium with license 
management capability 102-1. 

FIG. 8 is a flowchart describing another example of 
selling digital information 6 the digital information 
vending apparatus 101. 

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS 

This invention will be described in further detail 
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by way of example with reference to the accompanying 
drawings . 

Now, referring to FIG. 2, there is shown a 
schematic diagram illustrating a digital information 
vending system practiced as one embodiment of the present 
invention. A digital information vending apparatus 101, 
installed at a storefront of such as a convenience store 
or installed as a kiosk vending machine at railway 
stations for example, receives digital information 
(including program, text, music including tone, voice, 
still picture, and moving picture data) from a server 
unit 2 via a transmission path 3 and stored the received 
digital information in itself. 

When selling digital information which is music 
data for example, the digital information vending 
apparatus 101 generates the usage conditions for the 
digital information on the basis of the SDMI (Secure 
Digital Music Initiative) standard and, at the same time, 
generates a cryptographic key (hereafter referred to as a 
digital information key) to encrypt the digital 
information such that it can be decrypted by the 
generated digital information key, supplying the 
encrypted digital information, its usage conditions and 
the digital information key to a recording medium with 
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license management capability 102-1 or a digital 
information reproduction unit with license management 
capability 103-1. 

When encrypting the digital information with a 
common-key encryption algorithm such as DES, the digital 
information vending apparatus 101 encrypts the digital 
information with the digital information key. When 
encrypting the digital information with a public-key 
encryption algorithm such as RSA (Rivest - Shamir -Adleman) , 
the digital venting apparatus 101 encrypts the digital 
information with a private key and sends the encrypted 
digital information to the recording medium with license 
management capability 102-1 or the digital information 
reproduction unit with license management capability 103- 
1 with a public key used as the digital information key. 

For example, in use of the digital information 
which is music data, the digital information reproduction 
units with license management capability 103-1 and 103-2, 
a personal computer (PC) 104, and a portable terminal 
unit 105 have each an LCM (Licensed Compliant Module) , a 
software module based on SDMI, and enable or disable such 
operations to be executed on the digital information as 
check- in, checkout, copying, and moving, on the basis of 
its usage conditions. 
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The recording media with license management 
capability 102-1 and 102-2 manage the use of the recorded 
digital information (for example, enable or disable of 
its reading) on the basis of its usage conditions. 

The transmission path 3, wired or wireless, is 
leased line, LAN (Local Area Network), ISDN (Integrated 
Services Digital Network) , xDSL (x Digital Subscriber 
Line) , telephone line, PHS (Personal Handyphone System) 
line, mobile telephone line, WLL (Wireless Local Loop) , 
communications satellite line, or broadcast satellite 
line . 

When the recording medium with license management 
capability 102-1 owned by a purchaser is directly or 
indirectly loaded in a loading section 111 of the digital 
information vending apparatus 101 to buy the digital 
information stored therein, the digital information 
vending apparatus 101 cross - authenticates recording 
medium with the license management capability 102-1. The 
digital information vending apparatus 101 generates the 
usage conditions of the digital information 6, encrypts 
digital information 6 and generates a digital information 
key for use in decrypting the encrypted digital 
information 6 . 

The digital information vending apparatus 101 
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records the encrypted digital information 6 onto the 
authenticated recording medium with license management 
capability 102-1 along with the usage conditions and the 
digital information key. 

The recording medium with license management 
capability 102-1 with the digital information 6 recorded 
by the digital information vending apparatus 101 is 
loaded into, for example, a PDA (Personal Digital 
Assistant) or a portable terminal unit 105 of a mobile 
telephone, each having a digital information reproduction 
capability with license management capability 115 for 
example. The digital information reproduction capability 
with license management capability 115 of the portable 
terminal unit 105 reads digital information 6 from the 
recording medium with license management capability 102-1 
and can use the digital information 6 on the basis of its 
usage conditions. 

The interface 113-1 of the digital information 
reproduction unit with license management capability 103- 
1 with the recording medium with license management 
capability 102-2 owned by the purchaser connects to the 
interface 112 of the digital information vending 
apparatus 101 over a cable or the like for example 
compliant with the communication scheme of the interface 
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113-1 and the interface 112. When the digital information 
reproduction unit with license management capability 103- 
1 is connected, the digital information vending apparatus 
101 cross -authenticates the digital information 
reproduction unit with license management capability 103- 
1 . 

It should be noted that, when the recording medium 
with license management capability 102-2 is loaded, the 
digital information reproduction unit with license 
management capability 103-1 cross - authenticates the 
recording medium with license management capability 102 -: 

The digital information vending apparatus 101 
records the digital information 6 and its usage 
conditions and the digital information key onto the 
recording medium with license management capability 102-2 
loaded in the digital information reproduction unit with 
license management capability 103-1 through the digital 
information reproduction unit with license management 
capability 103-1. 

The digital information reproduction unit with 
license management capability 103-1 may record the 
digital information and its usage conditions and the 
digital information key supplied from the digital 
information vending apparatus 101 onto a storage section 
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integrally arranged on the digital information 
reproduction unit with license management capability 103- 
1 . 

The recording medium with license management 
capability 102-1 with the digital information 6 recorded 
by the digital information vending apparatus 101 is 
loaded, via an interface 113-2 and an interface 114, into 
the digital information reproduction unit with license 
management capability 103-2 for example connected to the 
personal computer 104. The digital information 
reproduction unit with license management capability 103- 
2 can read the digital information 6 from the recording 
medium with license management capability 102-2 and use 
the digital information 6 on the basis of its usage 
conditions . 

The recording medium with license management 
capability 102-1 or 102-2 is constituted by semiconductor 
memory such as flash memory, magnetic disc such as floppy 
disc, optical disc such as Compact Disc (trademark) , or 
magneto-optical disc such as Mini Disc (trademark) . 

The personal computer 104 can read the digital 
information 6 from the recording medium with license 
management capability 102-2 via the digital information 
reproduction unit with license management capability 103- 
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2 and use the digital information 6 on the basis of its 
usage conditions. 

It should be noted that the interface 112, the 
interfaces 113-1 and 113-2, and the interface 114 can use 
any of wired communication schemes such as USB (Universal 
Serial Bus) , IEEE (Institute of Electrical and 
Electronics Engineers) 1394 and SCSI (Small Computer 
System Interface) or infrared communication such as IrDA 
(Infrared Data Association) or wireless communication 
such as Bluetooth. 

FIG. 3 illustrates one example of the configuration 
of the digital information vending apparatus 101. A CPU 
(Central Processing Unit) 121 executes various 
application programs and an OS (Operating System) . ROM 
(Read Only Memory) 122 generally stores programs and 
basically fixed data of computational parameters to be 
used by the CPU 121. RAM (Random Access Memory) 123 
stores programs to be used by the CPU 121 in its 
execution and parameter that changes from time to time in 
the execution. 

An input section 125, constituted by a touch pad or 
an input key arranged on a display section 126, is 
operated by the purchase when inputting various commands 
into the CPU 121. The display section 126, constituted by 
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a liquid crystal display device or a CRT (Cathode Ray 
Tube) , displays various kinds of information in the form 
of text or image. An audio reproduction section 127 
outputs sound on the basis of the music data for example 
contained in the digital information 6 supplied from the 
CPU 121. 

A communication section 128 outputs data such as 
digital information stored in packets supplied from the 
server unit 2 to the CPU 121, the RAM 123, or the 
recording section 129. 

A recording section 129, constituted by a HDD (Hard 
Disk Drive) for example, records programs to be executed 
by CPU 121 and the digital information 6 and reproduces 
them from the HDD. 

A drive 151 reads data or programs from loaded 
magnetic disc 161, loaded optical disc 162, loaded 
magneto-optical disc 163, or semiconductor memory 164 and 
supplies the retrieved data or the programs to the RAM 
123 connected via an interface 130 and a bus 124. 

Writing section 131 writes digital information 6 
from recording section 129 to recording medium with 
license management capability 102-1 loaded in loading 

section 111. 

Interface 112 connects to one end of a cable 
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compliant with a predetermined communication scheme and 
sends digital information 6 from recording section 129 to 
digital information reproduction unit with license 
management capability 103-1 connected to the other end of 
the cable. 

Charge collection section 132 supplies signals 
indicative of whether the money for digital information 6 
has been thrown in by a purchaser and indicative of the 
thrown in amount to CPU 121. 

These components, the CPU 121 through the charge 
collection section 132, are interconnected by the bus 124. 

FIG. 4 illustrates one example of the configuration 
of the digital information vending system practiced as 
another embodiment of the invention. With reference to 
FIG. 4, components similar to those previously described 
with FIG* 1 are denoted by the same reference numerals. 

A digital information vending apparatus 101 has a 
management capability 211, a digital information 
accumulation capability 212, a digital information 
vending capability 213, and an authentication capability 
214, each being implemented by a predetermined software 
program executed by a CPU 121. The management capability 
has a digital information management capability 221 to 
control the digital information accumulation capability 
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212 and digital information vending capability 213 on the 
basis of the signals inputted from the input section 125 
by a purchaser for example. 

The digital information accumulation capability 212 
is composed of a reception capability 222, a decryption 
capability 223, and a recording holding capability 224. 
The reception capability 222 receives encrypted digital 
information 5 from the server unit 2 via the transmission 
path 3 and supplies the received digital information 5 to 
the decryption capability 223, 

The decryption capability 223 stores a digital 
information key in advance and decrypts the encrypted 
digital information 5 supplied from the reception 
capability 222 by the stored key. The record holding 
capability 224 receives the decrypted digital information 
5 from the decryption capability 223 and records the 
received information as arranged in digital information 
6-1 through 6-4 for example. 

The digital information vending capability 213 
comprises an accounting capability 225, a reading 
capability 226, a license generating capability 227, a 
digital information key generating capability 228, an 
encryption capability 229, and a licensed digital 
information writing capability 230. 
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When any of the digital information 6-1 through 6-4 
accumulated in the digital information accumulation 
capability 212 has been purchased, the accounting 
capability 225 collects an amount of money for the 
purchased digital information from the purchaser. In 
addition, the accounting capability 225 comprises a 
charge computation capability 231, a details print 
capability232 , and the charge collection capability 233, 

The charge computation capability 231 computes the 
charges of sold one of the digital information 6-1 
through 6-4 sold. The details print capability 232 prints, 
on a receipt, in barcode for example, such information 
about sold one of the digital information 6-1 through 6-4 
as its sale price for example. 

The charge collection capability 233 causes the 
charge collection section 132 to collect, on the basis of 
the signal supplied from the charge collection section 
132, the amount of money paid for sold one of the digital 
information 6-1 through 6-4 sold. 

When the amount of money has been paid for the 
digital information 6-1 through 6-4 sold, the reading 
capability 226 reads sold one of the digital information 
6-1 through 6-4 from the digital information accumulation 
capability 212 and supplies the retrieved one of the 
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digital information 6-1 through 6-4 to the encryption 
capability 229. 

The license generating capability 227 generates 
usage conditions of the sold one of the digital 
information 6-1 through 6-4 on the basis of the signal 
for example inputted from the input section 125 by the 
purchaser and supplies the generated usage conditions to 
the licensed digital information writing capability 230. 

The digital information key generating capability 
228 generates a digital information key for the sold one 
of the digital information 6-1 through 6-4 and supplies 
the generated digital information key to the encryption 
capability 229. 

The encryption capability 229 encrypts sold one of 
the digital information 6-1 through 6-4 supplied from the 
reading capability 226 so as to decrypt the sold one of 
the digital information by the digital information key 
supplied by the digital information key generating 
capability 228. Also, the encryption capability 229 may 
encrypt the sold one of the digital information 6-1 
through 6-2 along with its usage conditions. The 
encryption capability 229 supplies the encrypted sold one 
of the digital information 6-1 through 6-4 to the 
licensed digital information writing capability 230 along 
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with the digital information key. 

The licensed digital information writing capability 
230 writes the sold one of digital information 6-1 
through 6-4 supplied from encryption capability 229 to 
authenticated recording medium with license management 
capability 102-1 along with the usage conditions and the 
digital information key. Also, licensed digital 
information writing capability 230 writes encrypted sold 
one of digital information 6-1 through 6-4 to the digital 
information reproduction unit with license management 
capability 103-1 in which the recording medium with 
license management capability 102-1 is loaded. 

As shown in FIG. 5, digital information 6 to be 
supplied to the recording medium with license management 
capability 102-1 or the digital information reproduction 
unit with license management capability 103-1 is 
correlated with the usage conditions for using the 
digital information 6 and the digital information key for 
decrypting the digital information 6. When the digital 
information 6 is used, the recording medium with license 
management capability 102-1 or the digital information 
reproduction unit with license management capability 103- 
1 decrypts the digital information 6 by the digital 
information key to use the digital information 6 in 
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accordance with its usage conditions. 

For example, if the usage conditions allow the 
movement of the digital information 6 but prohibit its 
copying, the recording medium with license management 
capability 102-1 or the digital information reproduction 
unit with license management capability 103-1 can move 
the digital information 6 but cannot copy the same to 
other devices. 

The authentication capability 214 authenticates the 
loaded recording medium with license management 
capability 102-1 or the digital information reproduction 
unit with license management capability 103-1 (connected) 
in which the recording medium with license management 
capability 102-1 is loaded by following a procedure to be 
described later. 

It should be noted that the management capability 
211, the digital information accumulation capability 212, 
the digital information vending capability 213, and the 
authentication capability 214 may be implemented by a 
dedicated hardware device, respectively. 

The following describes the processing of selling 
the digital information 6 of the digital information 
vending apparatus 101 when the digital information is 
written for sale to the recording medium with license 
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management capability 102-1 owned by the purchaser, with 
reference to the flowchart shown in FIG. 6. In step Sll, 
the management capability 211 determines, on the basis of 
the signal supplied from the writing section 131, whether 
or not the recording medium with license management 
capability 102-1 is loaded in the loading section 111 of 
the digital information vending apparatus 101. If the 
recording medium with license management capability 102-1 
is not found loaded in the loading section 111, the 
determination process in step Sll is repeated until the 
recording medium with license management capability 102-1 
is loaded. 

If the recording medium with license management 
capability 102-1 is found loaded in the loading section 
111 in step Sll, then the authentication capability 214 
authenticates the recording medium with license 
management capability 102-1 loaded in the loading section 
111 in step S12. 

FIG, 7 illustrates the processing of cross- 
authentication between the authentication capability 214 
of the digital information vending apparatus 101 and the 
recording medium with license management capability 102-1. 
The cross-authentication between the digital information 
vending apparatus 101 and the recording medium with 
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license management capability 102-1 is executed in a 
challenge and response manner for example. 

The digital information vending apparatus 101 
previously records a key Kab and an ID of its own. The 
recording medium with license management capability 102-1 
previously records a key K* (consists of two or more 
keys) . 

The authentication capability 214 of the digital 
information vending apparatus 101 generates random 
numbers Na and #G by its internal random number generator 
and sends these random numbers Na and #G to the recording 
medium with license management capability 102-1 along 
with the ID. 

The recording medium with license management 
capability 102-1 generates random numbers Nb and Sb by 
its internal random number generator. The recording 
medium with license management capability 102-1 receives 
the ID of the digital information vending apparatus 101 
and the random numbers Na and #G supplied from digital 
information vending apparatus 101. A computation section 
of the recording medium with license management 
capability 102-1 applies a predetermined function to the 
random number #G to generate a variable j . 

On the basis of variable j, the computation section 
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of the recording medium with license management 
capability 102-1 selects predetermined key K*[j] from 
among the key K* consisting of two or more keys and, by 
use of the selected key K*[j], applies a hash function to 
the ID of the digital information vending apparatus 101 
to obtain the key Kab . 

By use of the key Kab, the computation section of 
the recording medium with license management capability 
102-1 applies a hash function to the random number Na 
received from the digital information vending apparatus 
101, the generated random number Nb, and the ID of the 
digital information vending apparatus 101 to compute a 
variable R. 

The recording medium with license management 
capability 102-1 sends the random number Nb, the variable 
R, the variable j, and the random number Sb to the 
digital information vending apparatus 101. 

The digital information vending apparatus 101 
receives the random number Nb, the variable R, the 
variable j, and the random number Sb supplied by the 
recording medium with license management capability 102-1 

The authentication capability 214 of the digital 
information vending apparatus 101 determines whether or 
not a value obtained by applying a hash function to the 
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random number Na, the random number Nb received from the 
recording medium with license management capability 102-1, 
and the ID of the digital information vending apparatus 
101 by use of the key Kab is equal to the variable R 
received from the recording medium with license 
management capability 102-1. If the value is found equal 
to the variable R, then the authentication capability 214 
authenticates the recording medium with license 
management capability 102-1 to be valid. 

If the value obtained by applying a hash function 
to the random number Na, the random number Nb, and the ID 
by use of the key Kab is found unequal to the variable R, 
then the authentication capability 214 of the digital 
information vending apparatus 101 determines that the 
recording medium with license management capability 102-1 
is invalid, upon which the authentication processing 
comes to an end without the authenticating recording 
medium with license management capability 102-1. 

If the recording medium with license management 
capability 102-1 is found valid, then the authentication 
capability 214 of the digital information vending 
apparatus 101 applies a hash function to the random 
number Nb and the random number Na by use of the key Kab 
to compute a variable R' . The authentication capability 
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214 of the digital information vending apparatus 101 
applies a hash function to the random number Sa and the 
random number Sb by use of the key Kab to compute a 
temporary key Ks . 

The authentication capability 214 of the digital 
information vending apparatus 101 sends the variable R' 
and the random number Sa to the recording medium with 
license management capability 102-1. 

The recording medium with license management 
capability 102-1 receives the variable R' and the random 
number Sa supplied from the digital information vending 
apparatus 101. 

The recording medium with license management 
capability 102-1 determines whether or not a value 
obtained by applying a hash function to the random number 
Nb and the random number Na by use of the key Kab is 
equal to the variable R' received from the recording 
medium with license management capability 102-1. if the 
value obtained by applying a hash function to the random 
number Nb and the random number Na by use of the key Kab 
is found equal to the variable R', then the recording 
medium with license management capability 102-1 
determines that the digital information vending apparatus 
101 is valid. 
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If the value obtained by applying a hash function 
to the random number Nb and the random number Na by use 
of the key Kab is found unequal to the variable R' , then 
the recording medium with license management capability 
102-1 determines that the digital information vending 
apparatus 101 is invalid, upon which the authentication 
processing comes to an end without the authenticating 
digital information vending apparatus 101. 

If the digital information vending apparatus 101 is 
authenticated valid, the recording medium with license 
management capability 102-1 applies a hash function to 
the random number Sa and the random number Sb by use of 
the key Kab to compute a temporary key Ks . 

Thus, the digital information vending apparatus 101 
and the recording medium with license management 
capability 102-1 cross - authenticate each other and, upon 
successful cross-authentication, share the common 
temporary key Ks , 

It should be noted that, instead of using hash 
functions, DES may be used for cross - authentication . 

In step S13, the management capability 211 
determines whether or not the recording medium with 
license management capability 102-1 has been successfully 
authenticated in step S12 and, if the recording medium 
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with license management capability 102-1 is found 
successfully authenticated, then, in step S14, displays a 
selection screen for sellable digital information 6 on 
the display section 126 on the basis of the data supplied 
from the digital information accumulation capability 212. 

In step S15, the management capability 211 
determines, on the basis of a signal inputted from the 
input section 125 by the purchaser, whether or not 
digital information to be sold has been determined. If a 
digital signal to be sold is found determined, then the 
management capability 211 causes the charge computation 
capability 231 of the digital information vending 
capability 213 to compute the price of the digital 
information 6 for sale in step S16. 

In step S17, the management capability 211 
determines, on the basis of a signal supplied from the 
charge collection section 132 of the digital information 
vending capability 213, whether or not the corresponding 
amount of money has been thrown into the charge 
collection section 13. If the amount of money is found 
thrown into the charge collection section 132, then the 
management capability 211 causes the charge collection 
capability 233 to count the amount of money thrown into 
the charge collection section 132 in step S18. 
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In step S19, the management capability 211 
determines, on the basis of the price of the digital 
information 6 computed in step SIS and the amount of 
money thrown into the charge collection section 132 
supplied from the charge collection capability 233, 
whether or not digital information 6 can be sold at the 
amount of money thrown in. If it is found that the 
digital information 6 can be sold at the amount of money 
thrown in, then the management capability 211 causes the 
reading capability 226 to read the specified digital 
information 6 from the record holding capability 224 in 
step S20. The license generating capability 227 generates 
the usage conditions for the retrieved digital 
information 6. The digital information key generating 
capability 228 generates a digital information key for 
decrypting the digital information 6. The encryption 
capability 229 encrypts this digital information 6 by DES 
for example . 

The licensed digital information writing capability 
230 records this digital information 6 to the recording 
medium with license management capability 102-1 along 
with its usage conditions and the digital information key. 

In step S21, the management capability 211 
determines, on the basis of a signal supplied from the 
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writing section 131 or the licensed digital information 
writing capability 230, whether or not digital 
information 6 and its usage conditions and the digital 
information key have been normally recorded on the 
recording medium with license management capability 102-1. 
If the digital information 6 and its usage conditions and 
the digital information key are found normally recorded 
on the recording medium with license management 
capability 102-1, then the management capability 211 
ejects the recording medium with license management 
capability 102-1 from the loading section 111 of the 
digital information vending apparatus 101 in step S22, 
upon which the digital information sale processing comes 
to an end. 

In step S13, if the recording medium with license 
management capability 102-1 is found not successfully 
authenticated , it indicates that the recording medium 
with license management capability 102-1 is not compliant 
one. Then, in step S23, the management capability 211 
displays an error message on the display section 126 that 
the recording medium with license management capability 
102-1 is not a compliant recording medium, upon which the 
digital information selling processing comes to an end. 

In step S15, if the digital information to be sold 
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is not selected and it is determined that a request for 
discontinuing the processing has been made, then the 
management capability 211 displays a message on the 
display section 126 that the processing has been 
discontinued in step S24, upon which the digital 
information selling processing comes to an end. 

In step S17, if the amount of money has not been 
thrown into the charge collection section 132 and it is 
determined that a request for discontinuing the 
processing has been made, then the management capability 
211 displays a message on display section 126 that the 
processing has been discontinued, upon which the digital 
information selling processing comes to an end. 

In step S19, if the digital information 6 is found 
not sellable for the inputted amount of money, then the 
management capability 211 displays, in step S26, a 
message on the display section 126 that the processing 
has been discontinued because of the inputted money does 
not amount to the price of the digital information 6. The 
management capability 211 causes charge collection 
section 132 to eject the inputted money, upon which the 
digital information selling processing comes to an end. 

In step S21, if the digital information 6 is found 
not normally recorded on recording medium with license 
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management capability 102-1 along with the usage 
conditions and the digital information key, then the 
management capability 211 displays, in step S27, a 
message on the display section 126 that the writing 
operation has failed, upon which the digital information 
selling processing comes to an end. 

Thus, the digital information vending apparatus 101 
can record the digital information 6 on the recording 
medium with license management capability 102-1 along 
with the usage conditions and the digital information key- 
It should be noted that the digital information 
vending apparatus 101 writes, in generally the same 
processing as described above, the digital information 6 
and its usage conditions and the digital information key 
onto the digital information reproduction unit with 
license management capability 103-1 with the recording 
medium with license management capability 102-2 loaded. 

The following describes another method of 
processing for selling digital information 6 of the 
digital information vending apparatus 101 by writing the 
digital information 6 onto the recording medium with 
license management capability 102-1 owned by a purchaser, 
with reference to the flowchart shown in FIG. 8. The 
processes of steps S51 through S55 are the same as those 
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steps Sll through S15 of FIG. 6, so that their 
descriptions will be omitted. 

If, in step S55, the digital information 6 to be 
sold has been determined, then the management capability 
211 causes, in step S56, the reading capability 226 to 
read the digital information 6 to be sold from the record 
holding capability 224. The license generating capability 
227 generates the usage conditions for the digital 
information 6 to be sold. The digital information key 
generating capability 228 generates a digital information 
key for decrypting this digital information 6, The 
encryption capability 229 encrypts this digital 
information 6 by the DES for example. 

The licensed digital information writing capability 
230 records this digital information 6 onto the recording 
medium with license management capability 102-1 along 
with its usage conditions and the digital information key. 

In step S57, the management capability 211 
determines, on the basis of a signal supplied from the 
writing section 131 or the licensed digital information 
capability 230, whether or not the above-mentioned 
digital information 6 has been normally written to the 
recording medium with license management capability 102-1 
along with its usage conditions and the digital 



information key. If this digital information 6 is found 
normally written to the recording medium with license 
management capability 102-1 along with its usage 
conditions and the digital information key, then the 
management capability 211 causes, in step S58, the charge 
computation capability 231 of the digital information 
vending capability 213 to compute the price of the 
digital information 6 to be sold. 

In step S59, the management capability 211 causes 
the details print capability 232 to print on a receipt, 
in numeral or barcode for example, the price computed in 
step S58 for the sold digital information 6. 

In step S60, the management capability 211 ejects 
the recording medium with license management capability 
102-1 from the loading section 111 of the digital 
information vending apparatus 101. 

In step S61, management capability 211 causes the 
charge collection capability 233 to receive the amount of 
money paid for the sold digital information 6, upon which 
the above-mentioned example of the digital information 
selling processing comes to an end. 

If, in step S53, the recording medium with license 
management capability 102-1 is found not authenticated, 
it indicates that the recording medium with license 
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management capability 102-1 is invalid, so that the 
management capability 211 displays, in step S62, a 
message on the display section 126 that the 
authentication has failed, upon which the above-mentioned 
processing comes to an end. 

If, in step S55, if the digital information 6 to be 
sold is not determined and therefore it is determined 
that the discontinuation of the processing has been 
requested, then the management capability 211 displays, 
in step 863, a message on the display section 126 that 
the processing has been discontinued, upon which the 
above-mentioned processing comes to an end. 

If, in step S57, the digital information 6 is found 
not normally recorded onto the recording medium with 
license management capability 102-1 along with its usage 
conditions and the digital information key, then the 
management capability 211 displays, in step S64, a 
message on the display section 126 that the writing 
operation failed, upon which the above-mentioned 
processing comes to an end. 

Thus, the above-mentioned latter example of selling 
the digital information 6 of the digital information 
vending apparatus 101 can cause the same to record the 
sold digital information 6 to the recording medium with 
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license management capability 102-1 along with its usage 
conditions and the digital information key* 

In the process of step S61, the charge collection 
capability 233 receives the amount of money for sold 
digital information 6. Alternatively, the purchaser may 
be made pay the amount of money at a cashier of the store 
at which the digital information vending apparatus 101 is 
installed, on the basis of the price of the sold digital 
information 6 printed through the processing in step S59. 

The above-mentioned sequences of processes can be 
executed by hardware or software. The execution by the 
software is supported by a computer in which the programs 
constituting the software are installed in a dedicated 
hardware device beforehand or by a general -purpose 
personal computer capable of executing various 
capabilities in which these programs are installed from 
the program storage medium. 

The program storage medium for storing computer - 
readable and executable programs may be a package medium 
constituted by the magnetic disc 161 (including floppy 
disk), the optical disc 162 (including CD-ROM (Compact 
Disc-Read Only Memory) and DVD (Digital Versatile Disc)), 
the magneto-optical disc 163 (including MD (Mini Disk)), 
or the semiconductor memory 164 or the ROM 122 on which 
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the programs are stored temporarily or permanently or the 
hard disk constituting the recording section 129 as shown 
in FIG. 3 Programs are stored in the program storage 
medium from wired or wireless communications media such 
as a local area network, the Internet, and digital 
satellite broadcasting through the communications section 
128 as required. 

It should be noted that the steps describing the 
programs to be stored in the program storage medium are 
not only executed in a time - dependent manner in the order 
described, but also in parallel or in a discrete manner. 

It should also be noted that the system as used 
herein denotes an entire apparatus constituted by a 
plurality of component units. 

While the preferred embodiments of the present 
invention have been described using specific terms, such 
description is for illustrative purposes only, and it is 
to be understood that changes and variations may be made 
without departing from the spirit or scope of the 
appended claims. 
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